US7168090B2 · Expired · Utility Patent · PatentIndex 93

Mobile IP authentication

Assignee: CISCO TECH INC
Priority: Jan 8, 1999
Filed: Jun 10, 2004
Granted: Jan 23, 2007
Est. expiry: Jan 8, 2019 (expired) · nominal 20-yr term from priority
Inventors: LEUNG KENT K
Classification: H04L 63/08

PatentIndex Score: 93
Cited by: 34
References: 28
Claims: 38

Abstract

Methods and apparatus for authenticating a mobile node are disclosed. A server is configured to provide a plurality of security associations associated with a plurality of mobile nodes. A packet identifying a mobile node may then be sent to the server from a network device such as a Home Agent. A security association for the mobile node identified in the packet may then be obtained from the server. The security association may be sent to the network device to permit authentication of the mobile node. Alternatively, authentication of the mobile node may be performed at the server by applying the security association.
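The abstract describes two deployments of the same idea: the Home Agent holds no per-mobile-node key and either fetches the security association (SPI and key) from the AAA server and checks the registration request itself, or forwards the request and lets the server return accept or reject. The following Python is an added illustration of both paths and is not code from the patent or from Cisco. It builds an RFC 2002 Registration Request with a Mobile-Home Authentication Extension, uses the RFC 2002 default "keyed MD5" prefix+suffix authenticator (the MD5 scheme the claims refer to; RFC 3344 later replaced it with HMAC-MD5, and MD5 is obsolete for new designs), and runs a good request, a request whose care-of address was altered in transit, and a request under an SPI the server has never seen. The class names, the in-memory SA table and the sample addresses and key are hypothetical, constructed for the example.

```python
"""Mobile IP registration authentication with the security association held by
an AAA server rather than the Home Agent (added example, hypothetical names)."""
import hashlib
import hmac
import struct

REG_REQUEST_TYPE = 1      # RFC 2002 section 3.3: Registration Request
MH_AUTH_EXT_TYPE = 32     # Mobile-Home Authentication Extension
MH_AUTH_EXT_LEN = 4 + 16  # SPI plus 16-byte keyed-MD5 authenticator
# type, flags, lifetime, home address, home agent, care-of address, identification
FIXED_HDR = struct.Struct("!BBHIIIQ")


def keyed_md5(key: bytes, protected: bytes) -> bytes:
    """RFC 2002 default authenticator: MD5(key || protected data || key)."""
    return hashlib.md5(key + protected + key).digest()


def build_registration_request(home: int, home_agent: int, coa: int,
                               identification: int, spi: int, key: bytes) -> bytes:
    """Mobile node side: fixed header followed by the authentication extension."""
    fixed = FIXED_HDR.pack(REG_REQUEST_TYPE, 0, 3600, home, home_agent, coa, identification)
    ext_head = struct.pack("!BBI", MH_AUTH_EXT_TYPE, MH_AUTH_EXT_LEN, spi)
    protected = fixed + ext_head  # everything up to and including the SPI is covered
    return protected + keyed_md5(key, protected)


def split_request(msg: bytes):
    """Return (home address, SPI, protected bytes, received authenticator)."""
    if len(msg) < FIXED_HDR.size + 2 + MH_AUTH_EXT_LEN:
        raise ValueError("truncated registration request")
    fields = FIXED_HDR.unpack_from(msg, 0)
    ext_type, ext_len, spi = struct.unpack_from("!BBI", msg, FIXED_HDR.size)
    if fields[0] != REG_REQUEST_TYPE or ext_type != MH_AUTH_EXT_TYPE or ext_len != MH_AUTH_EXT_LEN:
        raise ValueError("unexpected message or extension type")
    auth_off = FIXED_HDR.size + 6
    return fields[3], spi, msg[:auth_off], msg[auth_off:auth_off + 16]


def verify(msg: bytes, key: bytes) -> bool:
    """Recompute the authenticator and compare in constant time."""
    _, _, protected, received = split_request(msg)
    return hmac.compare_digest(keyed_md5(key, protected), received)


class AaaServer:
    """Hypothetical RADIUS/TACACS+-style repository of security associations."""

    def __init__(self, table: dict):
        self._table = table  # {home_addr: {spi: key}}, constructed sample data

    def get_security_association(self, home_addr: int, spi: int):
        """Claim 10 style: hand the key for (mobile node, SPI) to the Home Agent."""
        return self._table.get(home_addr, {}).get(spi)

    def authenticate(self, msg: bytes) -> str:
        """Claim 1 style: Access-Request in, Access-Accept or Access-Reject out."""
        home_addr, spi, _, _ = split_request(msg)
        key = self.get_security_association(home_addr, spi)
        if key is None or not verify(msg, key):
            return "Access-Reject"
        return "Access-Accept"


class HomeAgent:
    """Stores no mobile-node keys; `mode` selects which claim family it follows."""

    def __init__(self, aaa: AaaServer, mode: str):
        if mode not in ("fetch-sa", "delegate"):
            raise ValueError("mode must be 'fetch-sa' or 'delegate'")
        self.aaa, self.mode = aaa, mode

    def handle_registration(self, msg: bytes) -> bool:
        home_addr, spi, _, _ = split_request(msg)
        if self.mode == "delegate":           # server applies the SA itself
            return self.aaa.authenticate(msg) == "Access-Accept"
        key = self.aaa.get_security_association(home_addr, spi)
        return key is not None and verify(msg, key)  # SA fetched, checked locally


def demo() -> dict:
    """Constructed scenario: a good request, a tampered one, and an unknown SPI."""
    home, ha, coa = 0x0A000005, 0x0A000001, 0xC0A80142
    spi, key = 0x100, b"constructed-shared-secret"
    aaa = AaaServer({home: {spi: key}})
    good = build_registration_request(home, ha, coa, 0x1234, spi, key)
    # An attacker on the path rewrites the care-of address (bytes 12..15) to
    # redirect the mobile node's traffic; the authenticator no longer matches.
    tampered = good[:12] + (0xC0A80199).to_bytes(4, "big") + good[16:]
    unknown = build_registration_request(home, ha, coa, 0x1234, 0x200, key)
    results = {}
    for mode in ("fetch-sa", "delegate"):
        agent = HomeAgent(aaa, mode)
        results[mode] = tuple(agent.handle_registration(m) for m in (good, tampered, unknown))
    return results


if __name__ == "__main__":
    print(demo())
```

Both modes reject the same two bad requests; the difference is only where the key lives during the check. In the `fetch-sa` path the key crosses the Home Agent to AAA link, so in practice that link needs its own protection (a RADIUS shared secret at minimum), whereas the `delegate` path keeps the key on the server at the cost of a round trip per registration.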

Claims

exact text as granted — not AI-modified
1. A server configured to receive an authentication request from a Home Agent which supports Mobile IP, the authentication request identifying a mobile node, the server comprising:
 means for providing a plurality of security associations, the plurality of security associations being associated with a plurality of mobile nodes, the means for providing a plurality of security associations being a repository for the plurality of security associations for one or more Home Agents supporting the plurality of mobile nodes; and
 means for authenticating the mobile node using a security association associated with the mobile node in response to the authentication request received from the Home Agent, wherein the Home Agent does not store the security association associated with the mobile node identified in the authentication request, wherein the server is not a Home Agent or a Foreign Agent.

2. The server as recited in claim 1, wherein the security association associated with the mobile node is obtained from the plurality of security associations.

3. The server as recited in claim 1, wherein the plurality of mobile nodes are associated with a plurality of Home Agents.

4. The server as recited in claim 1, wherein the server further comprises:
 means for sending an authentication reply to the Home Agent, the authentication reply indicating a status of authentication of the mobile node.

5. The server as recited in claim 4, wherein the authentication request is provided in a packet including a mobile IP registration request and the authentication reply includes a registration reply.

6. The server as recited in claim 4, wherein the authentication reply is sent in response to an authentication start packet.

7. The server as recited in claim 4, wherein the authentication reply is provided in one of an access-accept packet and an access-reject packet, and the authentication request is provided in an access-request packet.

8. The server as recited in claim 1, wherein the server is adapted for authenticating the mobile node according to an RSA Message Digest Algorithm MD5.

9. The server as recited in claim 1, wherein the server is a TACACS+ or RADIUS server.

10. A server configured to receive a packet from a Home Agent which supports Mobile IP, the packet identifying a mobile node, the server comprising:
 means for providing a plurality of security associations, the plurality of security associations being associated with a plurality of mobile nodes, the means for providing a plurality of security associations being a repository of security associations for the Home Agent; and
 means for authenticating the mobile node by sending to the Home Agent a security association associated with the mobile node in response to the packet received from the Home Agent, wherein the Home Agent does not store the security association prior to receiving the security association from the server, wherein the server is not a Home Agent or a Foreign Agent.

11. The server as recited in claim 10, wherein the plurality of mobile nodes are associated with a plurality of Home Agents.

12. The server as recited in claim 10, wherein the server is adapted for sending the security association in response to the packet from the Home Agent identifying the mobile node.

13. The server as recited in claim 10, wherein the server is adapted for authenticating the mobile node according to an RSA Message Digest Algorithm MD5.

14. The server as recited in claim 10, wherein the server is a TACACS+ or RADIUS server.

15. The server as recited in claim 10, wherein the security association includes a mobile node identifier and an SPI.

16. The server as recited in claim 15, wherein the security association further includes an authentication key.

17. A computer-readable medium storing thereon computer-readable instructions that when read cause a computer to carry out the steps for authenticating a mobile node in a Home Agent, comprising:
 instructions for identifying a server as a source of security associations for the Home Agent, wherein the server is not a Home Agent or a Foreign Agent;
 instructions for sending a packet to the server, the packet identifying a mobile node supported by the Home Agent, wherein the Home Agent does not maintain security associations for each of the mobile nodes supported by the Home Agent; and
 instructions for receiving a security association for the mobile node identified in the packet.

18. The computer-readable medium as recited in claim 17, wherein the instructions for identifying a server comprises:
 instructions for locating a mobile node list configured on the Home Agent, the mobile node list including the mobile node; and
 instructions for ascertaining the server containing the security association for the mobile node.

19. The computer-readable medium as recited in claim 17, further comprising:
 instructions for receiving a response packet from the server, the response packet indicating a status of authorization of the mobile node.

20. A computer-readable medium storing thereon computer-readable instructions that when read cause a computer to carry out the steps for authenticating a mobile node in a server supporting Mobile IP, comprising:
 instructions for receiving a packet from a Home Agent, the packet identifying a mobile node supported by the Home Agent for which the Home Agent is requesting a security association;
 instructions for obtaining a security association for the mobile node identified in the packet from the server, wherein the server is not a Home Agent or a Foreign Agent; and
 instructions for sending the security association to the Home Agent, thereby enabling the Home Agent to authenticate the mobile node.

21. A computer-readable medium storing thereon computer-readable instructions that when read cause a computer to carry out the steps for authenticating a mobile node in a Home Agent, comprising:
 instructions for identifying a server as a source of security associations for the Home Agent, wherein the Home Agent does not store security associations for each of the mobile nodes supported by the Home Agent, wherein the server is not a Home Agent or a Foreign Agent;
 instructions for sending a request packet to the server, the request packet identifying the mobile node; and
 instructions for receiving a reply packet for the mobile node identified in the request packet, the reply packet indicating a status of authentication of the mobile node.

22. The computer-readable medium as recited in claim 21, wherein the instructions for identifying a server comprises:
 instructions for locating a mobile node list configured on the Home Agent, the mobile node list including the mobile node; and
 instructions for ascertaining the server associated with the mobile node.

23. The computer-readable medium as recited in claim 21, wherein the request packet is an authentication start packet.

24. The computer-readable medium as recited in claim 21, wherein the reply packet is one of an access-accept packet and an access-reject packet when the request packet is an access-request packet.

25. The computer-readable medium as recited in claim 21, wherein the server is a TACACS+ server or a RADIUS server.

26. A computer-readable medium storing thereon computer-readable instructions that when read cause a computer to carry out the steps for authenticating a mobile node in a server supporting Mobile IP, comprising:
 instructions for receiving a request packet from a Home Agent, the request packet identifying the mobile node;
 instructions for obtaining a security association for the mobile node identified in the request packet;
 instructions for authenticating the mobile node by applying the security association, wherein the server is a repository of security associations for the Home Agent, wherein the server is not a Home Agent or a Foreign Agent; and
 instructions for sending a reply packet to the Home Agent.

27. The computer-readable medium as recited in claim 26, wherein the request packet is an authentication start packet.

28. The computer-readable medium as recited in claim 26, wherein the reply packet is one of an access-accept packet and an access-reject packet when the request packet is an access-request packet.

29. The computer-readable medium as recited in claim 26, wherein the server is a TACACS+ or a RADIUS server.

30. A Home Agent supporting Mobile IP, comprising:
 means for generating a mobile node list identifying mobile nodes supported by the Home Agent, the mobile node list identifying at least one server as a source of security associations for the mobile nodes, wherein the server is not a Home Agent or a Foreign Agent, wherein the Home Agent does not maintain the security associations for the mobile nodes; and
 means for contacting the at least one server in order to authenticate one of the mobile nodes.

31. The Home Agent as recited in claim 30, wherein the Home Agent is configured to send a mobile node identifier to the server.

32. The Home Agent as recited in claim 30, wherein the server is a TACACS+ or a RADIUS server.

33. The Home Agent as recited in claim 30, wherein the Home Agent is implemented on a router or switch.

34. The Home Agent as recited in claim 30, wherein the Home Agent does not store security associations for all the mobile nodes it supports.

35. A Home Agent adapted for authenticating a mobile node, comprising:
 means for identifying a server as a source of security associations for the Home Agent, wherein the server is not a Home Agent or a Foreign Agent;
 means for sending a packet to the server, the packet identifying a mobile node supported by the Home Agent, wherein the Home Agent does not maintain security associations for each of the mobile nodes supported by the Home Agent; and
 means for receiving a security association for the mobile node identified in the packet.

36. A server supporting Mobile IP adapted for authenticating a mobile node, comprising:
 means for receiving a packet from a Home Agent, the packet identifying a mobile node supported by the Home Agent for which the Home Agent is requesting a security association;
 means for obtaining a security association for the mobile node identified in the packet from the server, wherein the server is not a Home Agent or a Foreign Agent; and
 means for sending the security association to the Home Agent, thereby enabling the Home Agent to authenticate the mobile node.

37. A Home Agent adapted for authenticating a mobile node, comprising:
 means for identifying a server as a source of security associations for the Home Agent, wherein the Home Agent does not store security associations for each of the mobile nodes supported by the Home Agent, wherein the server is not a Home Agent or a Foreign Agent;
 means for sending a request packet to the server, the request packet identifying the mobile node; and
 means for receiving a reply packet for the mobile node identified in the request packet, the reply packet indicating a status of authentication of the mobile node.

38. A server supporting Mobile IP adapted for authenticating a mobile node, comprising:
 means for receiving a request packet from a Home Agent, the request packet identifying the mobile node;
 means for obtaining a security association for the mobile node identified in the request packet;
 means for authenticating the mobile node by applying the security association, wherein the server is a repository of security associations for the Home Agent, wherein the server is not a Home Agent or a Foreign Agent; and
 means for sending a reply packet to the Home Agent.
